[phpwiki-checkins] CVS: phpwiki/lib/plugin RecentChanges.php,1.85,1.86 WikiAdminChmod.php,1.4,1.5 WikiAdminRemove.php,1.15,1.16 WikiAdminRename.php,1.8,1.9 WikiAdminSearchReplace.php,1.6,1.7 WikiAdminSetAcl.php,1.2,1.3 WikiAdminUtils.php,1.5,1.6

[Reini U. <ru...@us...>]

Update of /cvsroot/phpwiki/phpwiki/lib/plugin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13891/plugin

Modified Files:
	RecentChanges.php WikiAdminChmod.php WikiAdminRemove.php 
	WikiAdminRename.php WikiAdminSearchReplace.php 
	WikiAdminSetAcl.php WikiAdminUtils.php 
Log Message:
enforce PagePermissions, errormsg if not Admin

Index: RecentChanges.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/RecentChanges.php,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -2 -b -p -d -r1.85 -r1.86
--- RecentChanges.php	17 Feb 2004 12:11:36 -0000	1.85
+++ RecentChanges.php	12 Mar 2004 13:31:43 -0000	1.86
@@ -308,4 +308,6 @@ extends _RecentChanges_Formatter
 
             }
+            // enforce view permission
+            if (mayAccessPage('view',$rev->_pagename)) {
             $lines->pushContent($this->format_revision($rev));
 
@@ -314,4 +316,5 @@ extends _RecentChanges_Formatter
             $first = false;
         }
+        }
         if ($lines)
             $html->pushContent($lines);
@@ -481,4 +484,6 @@ extends _RecentChanges_Formatter
         $first = true;
         while ($rev = $changes->next()) {
+            // enforce view permission
+            if (mayAccessPage('view',$rev->_pagename)) {
             $rss->addItem($this->item_properties($rev),
                           $this->pageURI($rev));
@@ -487,4 +492,5 @@ extends _RecentChanges_Formatter
             $first = false;
         }
+        }
 
         global $request;
@@ -775,4 +781,7 @@ class DayButtonBar extends HtmlElement {
 
 // $Log$
+// Revision 1.86  2004/03/12 13:31:43  rurban
+// enforce PagePermissions, errormsg if not Admin
+//
 // Revision 1.85  2004/02/17 12:11:36  rurban
 // added missing 4th basepage arg at plugin->run() to almost all plugins. This caused no harm so far, because it was silently dropped on normal usage. However on plugin internal ->run invocations it failed. (InterWikiSearch, IncludeSiteMap, ...)

Index: WikiAdminChmod.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminChmod.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -2 -b -p -d -r1.4 -r1.5
--- WikiAdminChmod.php	24 Feb 2004 15:20:06 -0000	1.4
+++ WikiAdminChmod.php	12 Mar 2004 13:31:43 -0000	1.5
@@ -114,7 +114,13 @@ extends WikiPlugin_WikiAdminSelect
         if ($p && !$request->isPost())
             $pages = $p;
-        if ($p && $request->isPost() && $request->_user->isAdmin()
-            && !empty($post_args['chmod']) && empty($post_args['cancel'])) {
-            // FIXME: error message if not admin.
+        if ($p && $request->isPost() &&
+            !empty($post_args['chmod']) && empty($post_args['cancel'])) {
+
+            // FIXME: check individual PagePermissions
+            if (!$request->_user->isAdmin()) {
+                $request->_notAuthorized(WIKIAUTH_ADMIN);
+                $this->disabled("! user->isAdmin");
+            }
+
             if ($post_args['action'] == 'verify') {
                 // Real action
@@ -193,4 +199,7 @@ extends WikiPlugin_WikiAdminSelect
 
 // $Log$
+// Revision 1.5  2004/03/12 13:31:43  rurban
+// enforce PagePermissions, errormsg if not Admin
+//
 // Revision 1.4  2004/02/24 15:20:06  rurban
 // fixed minor warnings: unchecked args, POST => Get urls for sortby e.g.

Index: WikiAdminRemove.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminRemove.php,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -2 -b -p -d -r1.15 -r1.16
--- WikiAdminRemove.php	1 Mar 2004 13:48:46 -0000	1.15
+++ WikiAdminRemove.php	12 Mar 2004 13:31:43 -0000	1.16
@@ -143,7 +143,12 @@ extends WikiPlugin
         $pages = array();
         
-        if ($p && $request->isPost() && $request->_user->isAdmin()
-            && !empty($post_args['remove']) && empty($post_args['cancel'])) {
-            // FIXME: error message if not admin.
+        if ($p && $request->isPost() &&
+            !empty($post_args['remove']) && empty($post_args['cancel'])) {
+
+            // FIXME: check individual PagePermissions
+            if (!$request->_user->isAdmin()) {
+                $request->_notAuthorized(WIKIAUTH_ADMIN);
+                $this->disabled("! user->isAdmin");
+            }
             if ($post_args['action'] == 'verify') {
                 // Real delete.
@@ -214,4 +219,7 @@ extends WikiPlugin
 
 // $Log$
+// Revision 1.16  2004/03/12 13:31:43  rurban
+// enforce PagePermissions, errormsg if not Admin
+//
 // Revision 1.15  2004/03/01 13:48:46  rurban
 // rename fix

Index: WikiAdminRename.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminRename.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -2 -b -p -d -r1.8 -r1.9
--- WikiAdminRename.php	1 Mar 2004 13:48:46 -0000	1.8
+++ WikiAdminRename.php	12 Mar 2004 13:31:43 -0000	1.9
@@ -107,6 +107,13 @@ extends WikiPlugin_WikiAdminSelect
         if ($p && !$request->isPost())
             $pages = $p;
-        if ($p && $request->isPost() && $request->_user->isAdmin()
-            && !empty($post_args['rename']) && empty($post_args['cancel'])) {
+        if ($p && $request->isPost() &&
+            !empty($post_args['rename']) && empty($post_args['cancel'])) {
+
+            // FIXME: check individual PagePermissions
+            if (!$request->_user->isAdmin()) {
+                $request->_notAuthorized(WIKIAUTH_ADMIN);
+                $this->disabled("! user->isAdmin");
+            }
+
             // FIXME: error message if not admin.
             if ($post_args['action'] == 'verify') {
@@ -188,4 +195,7 @@ extends WikiPlugin_WikiAdminSelect
 
 // $Log$
+// Revision 1.9  2004/03/12 13:31:43  rurban
+// enforce PagePermissions, errormsg if not Admin
+//
 // Revision 1.8  2004/03/01 13:48:46  rurban
 // rename fix

Index: WikiAdminSearchReplace.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminSearchReplace.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -2 -b -p -d -r1.6 -r1.7
--- WikiAdminSearchReplace.php	24 Feb 2004 15:20:07 -0000	1.6
+++ WikiAdminSearchReplace.php	12 Mar 2004 13:31:43 -0000	1.7
@@ -128,7 +128,13 @@ extends WikiPlugin_WikiAdminSelect
         if ($p && !$request->isPost())
             $pages = $p;
-        if ($p && $request->isPost() && $request->_user->isAdmin()
-            && empty($post_args['cancel'])) {
-            // FIXME: error message if not admin.
+        if ($p && $request->isPost() &&
+            empty($post_args['cancel'])) {
+
+            // FIXME: check individual PagePermissions
+            if (!$request->_user->isAdmin()) {
+                $request->_notAuthorized(WIKIAUTH_ADMIN);
+                $this->disabled("! user->isAdmin");
+            }
+
             if ($post_args['action'] == 'verify' and !empty($post_args['from'])) {
                 // Real action
@@ -238,4 +244,7 @@ function stri_replace($find,$replace,$st
 
 // $Log$
+// Revision 1.7  2004/03/12 13:31:43  rurban
+// enforce PagePermissions, errormsg if not Admin
+//
 // Revision 1.6  2004/02/24 15:20:07  rurban
 // fixed minor warnings: unchecked args, POST => Get urls for sortby e.g.

Index: WikiAdminSetAcl.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminSetAcl.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -2 -b -p -d -r1.2 -r1.3
--- WikiAdminSetAcl.php	24 Feb 2004 04:02:07 -0000	1.2
+++ WikiAdminSetAcl.php	12 Mar 2004 13:31:43 -0000	1.3
@@ -108,7 +108,13 @@ extends WikiPlugin_WikiAdminSelect
         if ($p && !$request->isPost())
             $pages = $p;
-        if ($p && $request->isPost() && $request->_user->isAdmin()
-            && !empty($post_args['acl']) && empty($post_args['cancel'])) {
-            // FIXME: error message if not admin.
+        if ($p && $request->isPost() &&
+            !empty($post_args['acl']) && empty($post_args['cancel'])) {
+
+            // FIXME: check individual PagePermissions
+            if (!$request->_user->isAdmin()) {
+                $request->_notAuthorized(WIKIAUTH_ADMIN);
+                $this->disabled("! user->isAdmin");
+            }
+
             if ($post_args['action'] == 'verify') {
                 // Real action
@@ -208,4 +214,7 @@ extends WikiPlugin_WikiAdminSelect
 
 // $Log$
+// Revision 1.3  2004/03/12 13:31:43  rurban
+// enforce PagePermissions, errormsg if not Admin
+//
 // Revision 1.2  2004/02/24 04:02:07  rurban
 // Better warning messages

Index: WikiAdminUtils.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminUtils.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -2 -b -p -d -r1.5 -r1.6
--- WikiAdminUtils.php	17 Feb 2004 12:11:36 -0000	1.5
+++ WikiAdminUtils.php	12 Mar 2004 13:31:43 -0000	1.6
@@ -62,6 +62,8 @@ extends WikiPlugin
         if ($request->isPost()) {
             $user = $request->getUser();
-            if (!$user->isAdmin())
+            if (!$user->isAdmin()) {
+                $request->_notAuthorized(WIKIAUTH_ADMIN);
                 return $this->error(_("You must be an administrator to use this plugin."));
+            }
             return $this->do_action($request, $posted);
         }